diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..216bda8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ + +*.csv +ConfigForO365Investigations.json diff --git a/DumpDelegatesandForwardingRules.ps1 b/DumpDelegatesandForwardingRules.ps1 index e4dacc5..b7ffe52 100644 --- a/DumpDelegatesandForwardingRules.ps1 +++ b/DumpDelegatesandForwardingRules.ps1 @@ -1,17 +1,12 @@ -#Import the right module to talk with AAD -import-module MSOnline - -#Let's get us an admin cred! +#Let's get us an admin cred! $userCredential = Get-Credential -#This connects to Azure Active Directory -Connect-MsolService -Credential $userCredential - +#Connecting to Exchange Online $ExoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $userCredential -Authentication Basic -AllowRedirection -Import-PSSession $ExoSession +Import-PSSession $ExoSession -DisableNameChecking | Out-Null $allUsers = @() -$AllUsers = Get-MsolUser -All -EnabledFilter EnabledOnly | select ObjectID, UserPrincipalName, FirstName, LastName, StrongAuthenticationRequirements, StsRefreshTokensValidFrom, StrongPasswordRequired, LastPasswordChangeTimestamp | Where-Object {($_.UserPrincipalName -notlike "*#EXT#*")} +$AllUsers = Get-Mailbox -ResultSize Unlimited $UserInboxRules = @() $UserDelegates = @() 
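Review bot: The `New-PSSession` line kept in this hunk still opens the Exchange Online session with `-Authentication Basic` and a `Get-Credential` password, so the admin account running this investigation script cannot be protected by MFA and the script only works while Basic authentication is permitted for remote PowerShell. Where the ExchangeOnlineManagement module is available, prefer `Connect-ExchangeOnline -UserPrincipalName $adminUpn` (`$adminUpn` is a placeholder), which uses modern authentication. The same `New-PSSession` line is visible in DumpDelegatesandForwardingRulesFromFile.ps1 and InactiveUsersLast90Days.ps1, and truncated in the EnableMailboxAuditing.ps1 hunk header. Separately, `$AllUsers = Get-Mailbox -ResultSize Unlimited` drops the old enabled-only and `#EXT#` filters; a comment such as `#All mailboxes, including those of disabled accounts, are checked on purpose` would record that the wider scope is intended.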
@@ -19,11 +14,11 @@ $UserDelegates = @() foreach ($User in $allUsers) { Write-Host "Checking inbox rules and delegates for user: " $User.UserPrincipalName; - $UserInboxRules += Get-InboxRule -Mailbox $User.UserPrincipalname | Select Name, Description, Enabled, Priority, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage | Where-Object {($_.ForwardTo -ne $null) -or ($_.ForwardAsAttachmentTo -ne $null) -or ($_.RedirectsTo -ne $null)} - $UserDelegates += Get-MailboxPermission -Identity $User.UserPrincipalName | Where-Object {($_.IsInherited -ne "True") -and ($_.User -notlike "*SELF*")} + $UserInboxRules += Get-InboxRule -Mailbox $User.UserPrincipalname | Select-Object @{Name='Mailbox';Expression={$user.UserPrincipalName}},Name, Description, Enabled, Priority, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage | Where-Object {($_.ForwardTo -ne $null) -or ($_.ForwardAsAttachmentTo -ne $null) -or ($_.RedirectTo -ne $null)} + $UserDelegates += Get-MailboxPermission -Identity $User.UserPrincipalName | Where-Object {($_.IsInherited -ne "True") -and ($_.User -notlike "*SELF*")} } -$SMTPForwarding = Get-Mailbox -ResultSize Unlimited | select DisplayName,ForwardingAddress,ForwardingSMTPAddress,DeliverToMailboxandForward | where {$_.ForwardingSMTPAddress -ne $null} +$SMTPForwarding = $allUsers | Select-Object DisplayName,UserPrincipalName,ForwardingAddress,ForwardingSMTPAddress,DeliverToMailboxandForward | Where-Object {($_.ForwardingSMTPAddress -ne $null) -or ($_.ForwardingAddress -ne $null)} $UserInboxRules | Export-Csv MailForwardingRulesToExternalDomains.csv $UserDelegates | Export-Csv MailboxDelegatePermissions.csv diff --git a/DumpDelegatesandForwardingRulesFromFile.ps1 b/DumpDelegatesandForwardingRulesFromFile.ps1 index c06b032..5edf573 100644 --- a/DumpDelegatesandForwardingRulesFromFile.ps1 +++ b/DumpDelegatesandForwardingRulesFromFile.ps1 
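Review bot: `Get-InboxRule -Mailbox $User.UserPrincipalname` in the foreach loop is called without `-IncludeHidden`, and as far as I know the cmdlet leaves hidden rules out unless that switch is passed, so the export can miss exactly the rules an investigator most needs to see. Suggest `Get-InboxRule -Mailbox $User.UserPrincipalName -IncludeHidden | Select-Object ...` with the rest of the pipeline unchanged. The `Where-Object` on the same line keeps only forward and redirect rules even though `DeleteMessage` is selected, so a rule that only deletes mail never reaches MailForwardingRulesToExternalDomains.csv; if that is deliberate, a comment above the line should say so. The script may continue past the two `Export-Csv` lines that end this hunk, so whether `$SMTPForwarding` is exported cannot be seen from here.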
@@ -7,8 +7,9 @@ $userCredential = Get-Credential #This connects to Azure Active Directory Connect-MsolService -Credential $userCredential +#Connecting to Exchange Online $ExoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $userCredential -Authentication Basic -AllowRedirection -Import-PSSession $ExoSession +Import-PSSession $ExoSession -DisableNameChecking | Out-Null #Let's Pull in the list of all GUIDS @@ -19,7 +20,7 @@ $allUsers = @() foreach ($guid in $UserGuids) { - $allUsers += Get-MsolUser -ObjectID $guid.ObjectId | select ObjectID, UserPrincipalName, FirstName, LastName, StrongAuthenticationRequirements, StsRefreshTokensValidFrom, StrongPasswordRequired, LastPasswordChangeTimestamp + $allUsers += Get-MsolUser -ObjectID $guid.ObjectId | select-Object ObjectID, UserPrincipalName, FirstName, LastName, StrongAuthenticationRequirements, StsRefreshTokensValidFrom, StrongPasswordRequired, LastPasswordChangeTimestamp } $UserInboxRules = @() @@ -28,7 +29,7 @@ $UserDelegates = @() foreach ($User in $allUsers) { Write-Host "Checking inbox rules and delegates for user: " $User.UserPrincipalName; - $UserInboxRules += Get-InboxRule -Mailbox $User.UserPrincipalname | Select Name, Description, Enabled, Priority, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage | Where-Object {($_.ForwardTo -ne $null) -or ($_.ForwardAsAttachmentTo -ne $null) -or ($_.RedirectsTo -ne $null)} + $UserInboxRules += Get-InboxRule -Mailbox $User.UserPrincipalname | Select-Object @{Name='Mailbox';Expression={$user.UserPrincipalName}}, Name, Description, Enabled, Priority, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage | Where-Object {($_.ForwardTo -ne $null) -or ($_.ForwardAsAttachmentTo -ne $null) -or ($_.RedirectsTo -ne $null)} $UserDelegates += Get-MailboxPermission -Identity $User.UserPrincipalName | Where-Object {($_.IsInherited -ne "True") -and ($_.User -notlike "*SELF*")} } 
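Review bot: The rewritten `Get-InboxRule` line in the last hunk of this file still filters on `$_.RedirectsTo`, while `Select-Object` emits the property as `RedirectTo`, so that clause is always `$null` and a rule that only redirects mail is dropped from the results. This commit corrects the same typo in DumpDelegatesandForwardingRules.ps1; the clause here should read `($_.RedirectTo -ne $null)` as well. The script continues beyond the closing brace of the foreach loop, so the export step is not visible in this hunk.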
diff --git a/EnableMailboxAuditing.ps1 b/EnableMailboxAuditing.ps1 index 2fb5496..f678643 100644 --- a/EnableMailboxAuditing.ps1 +++ b/EnableMailboxAuditing.ps1 @@ -7,7 +7,7 @@ $ExoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri Import-PSSession $ExoSession #Enable global audit logging -Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"} | Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermission -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermission, MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItems +Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"} | Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermission, UpdateInboxRules, UpdateCalendarDelegation -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermission, MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItems, UpdateInboxRules, UpdateCalendarDelegation #Double-Check It! Get-Mailbox -ResultSize Unlimited | Select Name, AuditEnabled, AuditLogAgeLimit | Out-Gridview diff --git a/Get-AllTenantRulesAndForms.ps1 b/Get-AllTenantRulesAndForms.ps1 index a3292ae..a7865f1 100644 --- a/Get-AllTenantRulesAndForms.ps1 +++ b/Get-AllTenantRulesAndForms.ps1 
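Review bot: `UpdateInboxRules` is added to `-AuditAdmin` and `-AuditOwner` but not to `-AuditDelegate`, so inbox-rule changes made through delegate access would still go unaudited. As far as I know the action is valid for delegate logons, so after checking the current `Set-Mailbox` documentation the delegate list should end `..., SendOnBehalf, UpdateInboxRules`. The same line spells the folder-permission action `UpdateFolderPermission` in the admin and owner lists and `UpdateFolderPermissions` in the delegate list; only one spelling can be the real value (I believe the plural), and the other should be corrected so the setting is not rejected or silently skipped. The "Double-Check It!" line only shows `AuditEnabled` and `AuditLogAgeLimit`, so adding `AuditAdmin, AuditDelegate, AuditOwner` to that `Select` would let the operator confirm the action lists were applied.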
@@ -159,7 +159,7 @@ Import-PSSession $ExoSession #Get all the mailboxes -$mailBoxes = Get-Mailbox | Select UserPrincipalName +$mailBoxes = Get-Mailbox -ResultSize Unlimited | Select UserPrincipalName ("Number of mailboxes to process: " + $mailBoxes.Count.ToString()) #For Every Mailbox, get all the rules and dump them to a big file diff --git a/InactiveUsersLast90Days.ps1 b/InactiveUsersLast90Days.ps1 index 534e3c0..427331e 100644 --- a/InactiveUsersLast90Days.ps1 +++ b/InactiveUsersLast90Days.ps1 
@@ -1,25 +1,31 @@ -import-module MSOnline - +import-module MSOnline + #Let's get us an admin cred! $userCredential = Get-Credential - -#This connects to Azure Active Directory + +#This connects to Azure Active Directory and passes admincreds Connect-MsolService -Credential $userCredential $ExoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $userCredential -Authentication Basic -AllowRedirection Import-PSSession $ExoSession -$startDate = (Get-Date).AddDays(-90).ToString('MM/dd/yyyy') +# Minus 90 Days from Today (Can Change to lower value) +$InactiveDays = -90 +$startDate = (Get-Date).AddDays($InactiveDays).ToString('MM/dd/yyyy') +#Todays current date $endDate = (Get-Date).ToString('MM/dd/yyyy') +#Creates Array for Users $allUsers = @() -$allUsers = Get-MsolUser -All -EnabledFilter EnabledOnly | Select UserPrincipalName +#Uses Get-MsolUser cmdlet to get UPN +$allUsers = Get-MsolUser -All -EnabledFilter EnabledOnly | Select-Object UserPrincipalName +#Creates another Array for dates $loggedOnUsers = @() $loggedOnUsers = Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -Operations UserLoggedIn, PasswordLogonInitialAuthUsingPassword, UserLoginFailed -ResultSize 5000 +#Creates Array for UPNs not included. +$inactiveUsers = @() +$inactiveUsers = $allUsers.UserPrincipalName | where-Object {$loggedOnUsers.UserIds -NotContains $_} -$inactiveInLastThreeMonthsUsers = @() -$inactiveInLastThreeMonthsUsers = $allUsers.UserPrincipalName | where {$loggedOnUsers.UserIds -NotContains $_} - -Write-Output "The following users have no logged in for the last 90 days:" -Write-Output $inactiveInLastThreeMonthsUsers - +#Prints Results +Write-Output "The following users have not logged in for the last 90 days:" +Write-Output $inactiveUsers
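Review bot: `Search-UnifiedAuditLog ... -ResultSize 5000` returns at most 5000 records for the whole window, so in any tenant with more sign-in events than that, every user whose events fall outside the returned set is listed in `$inactiveUsers` although they did log in. Page through the results with `-SessionId` and `-SessionCommand ReturnLargeSet` as sketched below; paging has its own upper limit, so the script should warn when that limit is reached. The `-Operations` list also includes `UserLoginFailed`, which means a dormant account that only received failed attempts counts as active; consider matching on successful sign-ins only. The output text still hard-codes "90 days" now that `$InactiveDays` is configurable; use `Write-Output "The following users have not logged in for the last $([math]::Abs($InactiveDays)) days:"`.

```powershell
# … unchanged: credential prompt, session setup, $startDate / $endDate …
$loggedOnUsers = @()
$auditSessionId = [guid]::NewGuid().ToString()
do {
    # Each call with the same SessionId returns the next page of results
    $page = Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -Operations UserLoggedIn, PasswordLogonInitialAuthUsingPassword, UserLoginFailed -SessionId $auditSessionId -SessionCommand ReturnLargeSet -ResultSize 5000
    $loggedOnUsers += $page
} while ($page)
# … unchanged: $inactiveUsers filter and output …
```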